Cross-Site Scripting Vulnerability in Photocrati NextGEN Gallery Plugin for WordPress
CVE-2015-9229
4.8MEDIUM
What is CVE-2015-9229?
The Photocrati NextGEN Gallery plugin version 2.1.15 for WordPress contains a Cross-Site Scripting (XSS) vulnerability in the nggallery-manage-gallery page. This security flaw allows remote authenticated administrators to inject arbitrary web scripts via the 'images[1][alttext]' parameter, potentially compromising the integrity of the website. It's crucial for users of this plugin to address this vulnerability to mitigate possible attacks.